🚧 Security Governance – Barrier-Free Tolling Project (OIV) | APRR

🎯 Context

Led the security governance of a large-scale barrier-free tolling project at APRR (Operator of Vital Importance), covering France and Austria, in a highly exposed environment subject to ANSSI regulatory requirements.

🛡️ Governance, Risk & Compliance

• Oversaw action plans resulting from ISO 27001 audits
• Managed PCI DSS SAQ-A self-assessment in coordination with the external auditor
• Updated and maintained project-wide risk assessments
• Ensured continuous alignment with regulatory and compliance requirements

🤝 Stakeholder & Security Coordination

• Facilitated security committees (COPIL) with:
  • Infrastructure teams
  • Application teams
  • Operations teams
  • Third-party providers
• Ensured stakeholder alignment on security priorities and risk mitigation
• Supported secure integration of new architectures and exposed data flows

📊 Security Steering & Monitoring

• Structured governance KPIs and security indicators
• Built monitoring dashboards for executive visibility
• Provided regular steering committee reporting (COPIL)
• Strengthened risk control and decision-making processes

📈 Impact

• Secured a critical and highly exposed infrastructure project (OIV scope)
• Improved governance, compliance, and risk visibility at project scale
• Enabled structured security oversight across multi-country operations
• Reinforced alignment with ANSSI, ISO 27001, and PCI DSS requirements

🌍 Global Cybersecurity Awareness Program – Limagrain (10,000+ Employees)

🎯 Context

Led the international Cybersecurity Awareness Program across a multi-country environment, covering over 10,000 employees and supporting the organization’s security culture at scale.

🧭 Governance & Program Management

• Aligned the program with ISO 27001 and CIS Controls
• Managed the migration of the e-learning platform (PSAT → 360Learning)
• Coordinated with internal teams and instructional engineering stakeholders
• Facilitated steering committees (COPIL) and governance follow-ups

📊 Monitoring & Performance Management

• Defined and structured key KPIs:
  • Completion rates
  • Campaign performance
  • Population coverage
• Built dashboards and ensured regular reporting for executive decision-making
• Tracked deployment progress and program effectiveness

🌐 International Deployment

• Designed and adapted training materials in 19 languages
• Ensured consistent and homogeneous rollout across multiple countries
• Supported large-scale adoption of cybersecurity best practices

📈 Impact

• Strengthened cybersecurity culture at organizational scale
• Improved compliance with ISO 27001-aligned awareness requirements
• Established a structured, measurable, and sustainable awareness governance framework

🛡️ Shared CISO – Deployment of a Cybersecurity Framework for 8 Local Authorities (SITIV)

🎯 Context

Acted as a Shared CISO (RSSI) for SITIV and 8 member municipalities to structure and deploy a unified Information Security Management System (ISMS) for a shared information system.

🔍 Key Responsibilities

• Conducted EBIOS RM risk assessments
• Prioritized cyber risks and defined mitigation strategies
• Built a cybersecurity roadmap aligned with ANSSI guidelines
• Structured and formalized IS governance framework (policies, procedures, incident management)
• Facilitated the network of security representatives across municipalities
• Coordinated with technical and operational teams

🏗️ Governance & Security Deliverables

• ISMS policies (PSSI)
• Risk assessment reports (EBIOS RM)
• Security procedures and governance model
• Incident management framework
• Cybersecurity roadmap & KPI tracking

📈 Impact

• Increased cybersecurity maturity across 8 local authorities
• Secured shared and critical infrastructures
• Established a sustainable and structured security governance model
• Enabled long-term cyber risk management at organizational scale